Tech support scams last year resulted in $15 million in losses, an increase of 86% over 2016, according to the FBI Internet Crime Complaint Center (IC3).
In 2017, IC3 received approximately 11,000 complaints related to tech support fraud. The claimed losses amounted to nearly $15 million. While a majority of tech support fraud involves victims in the United States, IC3 has received complaints from victims in 85 different countries.
Tech Support Fraud involves a criminal claiming to provide customer, security, or technical support in an effort to defraud unwitting individuals.
"This type of fraud continues to be a problematic and widespread scam," the IC3 said in an alert published today. "As this type of fraud has become more commonplace, criminals have started to pose as government agents, even offering to recover supposed losses related to tech support fraud schemes or to request financial assistance with 'apprehending' criminals."
How the Fraud Occurs
Initial contact with the victim typically occurs through the following methods:
- Telephone: A victim receives an unsolicited telephone call from an individual claiming the victim’s device or computer is infected with a virus or is sending error messages to the caller. Callers are generally reported to have strong, foreign accents.
- Search Engine Advertising: Individuals in need of tech support may use online search engines to find technical support companies. Criminals pay to have their fraudulent tech support company’s link show higher in search results hoping victims will choose one of the top links in search results.
- Pop-up message: The victim receives an on-screen pop-up message claiming a virus has been found on their computer. In order to receive assistance, the message requests the victim call a phone number associated with the fraudulent tech support company.
- Locked screen on a device: The victim’s device displays a frozen, locked screen with a phone number and instructions to contact a fraudulent tech support company. Some victims have reported being redirected to alternate Web sites before the locked screen occurs.
- Phishing email warning: The victim receives a phishing email warning of a possible intrusion to their computer or an email warning of a fraudulent account charge to their bank accounts or credit cards. The email provides a phone number for the recipient to contact the fraudulent tech support.
Once the fraudulent tech support company representative makes verbal contact with the victim, the criminal tries to convince the victim to provide remote access to the victim’s device. If the device is a tablet or smartphone, the criminal often instructs the victim to connect the device to a computer. Once remotely connected, the criminal claims to find expired licenses, viruses, malware, or scareware. The criminal will inform the victim the issue can be removed for a fee. Criminals usually request payment through personal/electronic check, bank/wire transfer, debit/credit card, prepaid card, or virtual currency.
How to Protect Yourself
IC3 has issued these suggestions for protecting yourself from tech support fraud:
- Remember that legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals.
- Install ad-blocking software that eliminates or reduces pop-ups and malvertising (online advertising to spread malware).
- Be cautious of customer support numbers obtained via open source searching. Phone numbers listed in a “sponsored” results section are likely boosted as a result of Search Engine Advertising.
- Recognize fraudulent attempts and cease all communication with the criminal.
- Resist the pressure to act quickly. Criminals will urge the victim to act fast to protect their device. The criminals create a sense of urgency to produce fear and lure the victim into immediate action.
- Do not give unknown, unverified persons remote access to devices or accounts.
- Ensure all computer antivirus, security, and malware protection is up to date. Some victims report their anti-virus software provided warnings prior to attempt.
What To Do If You Are a Victim
- Individuals who receive a pop-up or locked screen, should shut down the device immediately. Ignore any pop-ups instructing to not power off or restart the computer.
- Do not re-contact fraudulent tech scam companies. Expect additional fraudulent calls as these companies often share their customer database information.
- Should a criminal gain access to a device or an account, individuals should take precautions to protect their identity. Immediately contact financial institutions to place protection on accounts as well as change passwords and actively monitor accounts and personal information for suspicious activity.
Individuals who believe they may be a victim of an online scam (regardless of dollar amount) should file a complaint with the IC3 at www.ic3.gov. The more often fraud and scams are reported, the better equipped law enforcement can be to address the issues.
Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.